For Windows hosts, I have two memberships - one for Windows and one for the WSL2 virtual machine. I suppose I would need additional memberships for any further WSL instances I add.
I use the Windows membership to the ZeroTier network mostly for outward bound connections to a proxy server on a cloud instance and I use the WSL membership for incoming SSH connections.
Is there any way around this? Is it possible to combine the two (or more) into just one membership which I can use for both the Windows host and the WSL2 virtual machine(s), with routing or port forwarding or something like that?
The WSL2 vm has the IP address 192.168.44.117 on 192.168.32.0/20.
I can ping the vm address from the Windows host that it’s running on and vice versa. I can ping a remote server on the ZeroTier network from the WSL2 host, but not the other way around.
In the ZeroTier web interface I have added a route to 192.168.32.0/20 via 172.30.167.178, which is the ZeroTier address of the Windows host that WSL2 is running on, but it’s not working.
Is there a particular reason you don’t want to run a second ZeroTier node on the WSL2 guest?
If you install a normal Linux ZT1 client package inside the WSL2 VM, you should be able to directly connect from the external host using the ZeroTier IP address. No need to route to your private network space (192.168.32.0/20) at all, which is kind of the whole point.
Another thing - I have spent quite a lot of time on getting this setup already, having made a systemd service which updates the Windows hosts file on the Windows host with hostnames for ZeroTier members and WSL VMs. I just cannot get the routing working.
So I can’t be 100% certain, but it seems possible that your Windows host isn’t configured as a local router/gateway for the WSL2 virtual network.
To check, you could try pinging the private network address of your WSL2 guest from another, non-ZeroTier node on your LAN via a static route through the Windows host’s IP.
If that works, we can continue looking at the ZT config. If it fails, it would suggest you need to change your Hyper-V virtual switch configuration to enable routing and/or forwarding for the WSL2 guest.
I think your intuition re: “this is just like my MikroTik setup” seems good, but the analogy requires that your Windows host be similarly configured to do routing + forwarding between the ZT interface and the local (Hyper-V) network, which AFAIK isn’t how WSL2 sets things up by default.
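The forwarding check suggested above and the port-forwarding alternative asked about in the question, as an added PowerShell example that is not from anyone in this thread; it uses the addresses quoted above and assumes the host's interface aliases match 'ZeroTier*' and 'vEthernet (WSL*' (confirm with Get-NetIPInterface before running).

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Addresses are the ones quoted in the thread; interface alias patterns are assumptions.

$ztAddress  = '172.30.167.178'                        # ZeroTier address of the Windows host
$wslAddress = (wsl hostname -I).Trim().Split(' ')[0]  # current WSL2 guest address, e.g. 192.168.44.117

# 1. Check which IPv4 interfaces forward packets. A freshly set up WSL2 host forwards on none
#    of them, which is why a ZeroTier route to 192.168.32.0/20 via the host goes nowhere.
Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -like 'ZeroTier*' -or $_.InterfaceAlias -like 'vEthernet (WSL*' } |
    Select-Object InterfaceAlias, Forwarding

# 2. Routing approach: enable forwarding on the ZeroTier interface and the WSL virtual switch
#    so the host actually passes packets between the two networks.
Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -like 'ZeroTier*' -or $_.InterfaceAlias -like 'vEthernet (WSL*' } |
    Set-NetIPInterface -Forwarding Enabled

# 3. Port-forwarding approach (no route needed): expose only TCP/22 of the guest on the host's
#    ZeroTier address. Binding the listener to $ztAddress rather than 0.0.0.0 keeps the guest's
#    SSH service off the physical LAN. portproxy depends on the IP Helper service (iphlpsvc),
#    and the WSL2 address can change after a restart, so re-run this step when $wslAddress changes.
netsh interface portproxy delete v4tov4 "listenaddress=$ztAddress" listenport=22 2>$null
netsh interface portproxy add v4tov4 "listenaddress=$ztAddress" listenport=22 `
    "connectaddress=$wslAddress" connectport=22
netsh interface portproxy show v4tov4

# 4. Let the listener through the Windows firewall, scoped to the ZeroTier address only.
New-NetFirewallRule -DisplayName 'SSH to WSL2 via ZeroTier' -Direction Inbound -Protocol TCP `
    -LocalAddress $ztAddress -LocalPort 22 -Action Allow | Out-Null
```

With step 3 in place, a remote ZeroTier member reaches the guest at 172.30.167.178:22, so only the Windows host needs a network membership; step 2 is only required if you want full routing to 192.168.32.0/20.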
Instead of routing to the WSL2 virtual machine I just use the ZeroTier address for the Windows host.
For DNS, I have been using my real domain with actual FQDN hostnames in /etc/hosts (manually added), but now I have automated it using scripts that use the ZeroTier API.
I am planning to add the ability to update Pi-Hole DNS servers with the DNS addresses once I have them set up.
Is this what other people do? I am not sure what most ZeroTier users use for DNS. Cheers.